segfault / null ptr access on malformed 7z file

[kwrobot]

Original issue 405 created by Google Code user hanno@hboeck.de on 2015-02-07T22:31:40.000Z:

bsdtar will segfault due to a null pointer access in the attached malformed 7z file. Found with american fuzzy lop.

libarchive/archive_read_support_format_7zip.c:2054:7: runtime error: member access within null pointer of type 'struct _7z_folder'
ASAN:SIGSEGV
=================================================================
==14504==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000038 (pc 0x000000b7a538 sp 0x7fff8137ce50 bp 0x000000000007 T0)
    #0 0xb7a537 in read_CodersInfo libarchive/archive_read_support_format_7zip.c:2054
    #1 0xb7a537 in read_StreamsInfo libarchive/archive_read_support_format_7zip.c:2288
    #2 0xb94a2c in read_Header libarchive/archive_read_support_format_7zip.c:2377
    #3 0xb94a2c in slurp_central_directory libarchive/archive_read_support_format_7zip.c:2907
    #4 0xb94a2c in archive_read_format_7zip_read_header libarchive/archive_read_support_format_7zip.c:637
    #5 0x4b5ffb in _archive_read_next_header2 libarchive/archive_read.c:645
    #6 0x4b5ffb in _archive_read_next_header libarchive/archive_read.c:685
    #7 0x42a422 in read_archive tar/read.c:252
    #8 0x42d5f2 in tar_mode_x tar/read.c:104
    #9 0x41469c in main tar/bsdtar.c:805
    #10 0x7f1d78f07f9f in __libc_start_main (/lib64/libc.so.6+0x1ff9f)
    #11 0x41a160 (/mnt/ram/libarchive/bsdtar+0x41a160)

See attachment: bsdtar-null-ptr.7z
See attachment: bsdtar-null-ptr.7z.asan.txt

[kwrobot]

Comment #1 originally posted by kientzle on 2015-02-08T21:44:18.000Z:

This seems to be fixed in git commit d094dc.